This website uses Cookies. By clicking Accept, you agree to the storing of cookies on your device to enhance your community and translation experience. Read our Privacy Policy.
Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
Buy or Renew
Buy or Renew
General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.
About General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.

Discussions

Start a conversation

Discover LIVEcommunity Through Our New Animated Explainer Video!

We’re thrilled to unveil a brand-new animated video that highlights everything LIVEcommunity has to offer! This short and engaging video gives you a quick tour of the many resources available in our vibrant community — from interactive discussions and customer journey guides to the Cyber Elite program and Member Spotlight features. Whether ...

kiwi_0-1745308399217.png
kiwi by Community Team Member
  • 4116 Views
  • 0 replies
  • 0 Likes

new CA Sectigo(formerly Comodo) not trusted

Hello. We are having a minor issues on one of our customer firewalls performing decryption. it seems certain sites. that have a certificate issued by sectigo. chainroot: Sectigointermediate: Sectigo RSA Domain Validation Secure Server CAsite certificate. I believe the root cause of this is the fact that this CA used to be called Comodo( for whic...

PA3020 upgrade failure from 8.0.11-h1 to 8.1.9-h4 - FIPS failure error

We are experiencing an upgrade error/failure when we try to upgrade PA3020 from 8.0.11-h1 to 8.1.9-h4. When our customer tried to upgrade from 8.0.11-h1 to 8.1.9-h4; their PA3020 went to Maintenance Mode after installing and rebooting .The Maintenance Mode simply stated that there is a "FIPS failure". The upgrade steps that we followed are:a) Do...

SSL Certificate for Global Connect

Hi All, I have a users who plan to connect their phones (To use a soft phone app for the PABX) and laptops to the internal network from outside, i have setup the global connect gateway and portal and tried to use self signed cert but it is not working, now i need to use a CA to generate a signed certificate and i have two questions:1. Which CA d...

Resolved! CLI URL filter, change Site Access?

I am trying to determine how to change the Site Access of the new URL categories (cryptocurrency and grayware). By default, they are Allow, and I want them to be Alert. I can do this via CLI w/ the command from config mode below. set shared profiles url-filtering TEST-ONLY-02 alert grayware What I do not understand is that once changed, I can ...

BoDollis by L1 Bithead
  • 3713 Views
  • 1 replies
  • 0 Likes

Resolved! Upgrade to PANOS 7.1

I'm looking at getting a Palo Alto used. A lot of the units are pan os 4, 5 or 6. For a PA-500, for example, can I get a 5.x OS and upgrade it to 7.1? Does this require a support contract to upgrade it?

RustyPA by L1 Bithead
  • 11154 Views
  • 7 replies
  • 0 Likes

Resolved! The sporadic syslog sender

I recently adding a new syslog destination at this new to me site and noticed something I hadn't seen before. That is that the sending of syslog data according to PAN Monitoring is send sporadically and in big bursts. For example when I added the new destination not long after the PAN sent one GB of syslog to all the destinations and then one sm...

palomed by L3 Networker
  • 5229 Views
  • 4 replies
  • 0 Likes

Dynamic updates constantly failed

Hi there Is there any known issue with Dynamic Updates? Our firewall can't get updates in the last 4 hours. The last update we got was around 4pm (GMT+10). The traffic log is showing incomplete. 'show url-cloud status' shows Cloud connection: not connected. Thanks.

myocella by L0 Member
  • 4108 Views
  • 4 replies
  • 0 Likes

Resolved! financial-services is exempt from decryption still decrypt error

PA running 8.1.9 we have rule from any source any zone do not decrypt financial-services category.CLI test test decryption-policy-match source 10.x.x.x destination 23.249.200.33 category financial-servicesMatched rule: 'No_Decrypt' action: no-decrypt Traffic log shows decrypt error URL log shows no decrypt.

MP18 by Cyber Elite
  • 5535 Views
  • 7 replies
  • 0 Likes

Identify syslog type for User-ID parse

I'm in the process of implementing User-ID and want to parse syslog logs. the predefined parse profile don't appear to be a match, as I'm looking to pull syslog from my domain controller. However, my Active Directory team can't provide me with a sample of the syslog event or tell me the type of syslog (regex or field) being generated. So I'm loo...

firewall rule using cli

Hi All , I ma having firewall managed using Panorama. I am trying to verify security rule on firewall itself using below : config show rulebase security rules <rulename> , however its not showing any output . Could you please confirm if this is correct way or i am missing something here . Thanks ..

deepak12 by L3 Networker
  • 3215 Views
  • 2 replies
  • 0 Likes

Traps is blocking chain

Hi, We have a legitime application which is running a script. This script and the chain is detected by traps as threat. So we would like to configure an exception for this cmd.exe --> cscript //E:JScript //nologo "C:\ProgramData\signature\sign.bat" So its possible to add this exception? where it can be configured?

BigPalo by L4 Transporter
  • 2696 Views
  • 2 replies
  • 0 Likes

CSR Certificate Issue

Hello Team, Three year before ,One of my customer is generated the certificate from linux machine and sent it to comodo for third party sign.Now they got new palo alto firewall and he is trying to install that certificate on palo alto but while installing certificate we are facing "Mismatched Public and Private keys" I have one more doubt that, ...

Interrogate External Server for UserID

Hi,We have a use case where, upon detection of a session with an unknown userID, we'd like the Palo firewall to interrogate an external service via REST API for the UserID/IP address mapping. I appreciate the normal way is to prepopulate the Palo or UserID Agent servers with data from external sources, but this is not possible in this case.Any ...

Resolved! How to enable all disabled application in fast way

Hello Team, Please let me know how we can enable all disabled application in faster way.During dynamic updates of Application and Threats customer clicked on 'Disable new apps in content update,' so there are total 700 application disabled and i found only two way to enable on both way i need to select disabled app manually one by one.

dmodi by L2 Linker
  • 6098 Views
  • 2 replies
  • 0 Likes
  • 24334 Posts
  • 124 Subscriptions
Top Solution Authors
View All
Labels
LEGAL NOTICES
RESOURCES
Khoros awards 2022
Copyright 2007 - 2026 - Palo Alto Networks